PT-2025-1628 · TCAS II · TCAS II

Alessio Merlo +4 · Published 2025-01-22 · Updated 2025-07-25 · CVE-2024-11166

CVSS v4.0: 7.1 (High)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F

Description

The issue allows an attacker to impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.

Recommendations

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, consider disabling the Comm-A Identity Request feature until a patch or update is available to prevent an attacker from setting the SLC to the lowest setting and disabling the RA. Restrict access to the system to minimize the risk of exploitation.

Fix

DoS

Weakness Enumeration

Related Identifiers

CVE-2024-11166

Affected Products

TCAS II